adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/56e9b21a-98fc-4d0e-ae29-4e53950d210f.json

2357 lines
104 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--56e9b21a-98fc-4d0e-ae29-4e53950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:33.000Z",
"modified": "2016-03-16T19:28:33.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56e9b21a-98fc-4d0e-ae29-4e53950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:33.000Z",
"modified": "2016-03-16T19:28:33.000Z",
"name": "OSINT - AceDeceiver: First iOS Trojan Exploiting Apple DRM Design Flaws to Infect Any iOS Device",
"published": "2016-03-16T19:29:28Z",
"object_refs": [
"observed-data--56e9b248-c8b4-40ab-977f-5ef7950d210f",
"url--56e9b248-c8b4-40ab-977f-5ef7950d210f",
"x-misp-attribute--56e9b25b-880c-46b8-8e3e-4757950d210f",
"indicator--56e9b29f-c87c-4af3-a97f-4d47950d210f",
"indicator--56e9b29f-363c-4673-8be4-4006950d210f",
"indicator--56e9b29f-1674-48f9-8f1e-45e0950d210f",
"indicator--56e9b30d-5d94-46b3-a850-4d2a950d210f",
"indicator--56e9b30e-0360-4c96-bd7a-4b71950d210f",
"indicator--56e9b30e-7498-4799-99e2-4a41950d210f",
"indicator--56e9b30e-63f4-4e36-aa21-4ca2950d210f",
"indicator--56e9b30f-9c50-44c7-ae2b-4f19950d210f",
"indicator--56e9b30f-e5f0-4e6d-955f-45ac950d210f",
"indicator--56e9b30f-ff78-461f-96c2-47fc950d210f",
"indicator--56e9b310-28f8-4a9d-9d54-45bf950d210f",
"indicator--56e9b310-0d74-4679-9d06-4682950d210f",
"indicator--56e9b310-c480-4783-8a3d-4298950d210f",
"indicator--56e9b311-39c8-4c61-b645-4801950d210f",
"indicator--56e9b311-8d54-4c07-af17-47cf950d210f",
"indicator--56e9b311-efb0-4da9-8671-438b950d210f",
"indicator--56e9b311-c030-4206-8ab4-4d42950d210f",
"indicator--56e9b312-5cdc-41cf-bffc-4450950d210f",
"indicator--56e9b33e-182c-4cd2-9bb0-5ef5950d210f",
"indicator--56e9b33f-c1f4-4de4-86ae-5ef5950d210f",
"indicator--56e9b36a-195c-434c-ab05-5ef7950d210f",
"indicator--56e9b36b-9118-420c-97a9-5ef7950d210f",
"indicator--56e9b36b-a204-43cb-afe8-5ef7950d210f",
"indicator--56e9b36b-2e90-4b0f-8fcf-5ef7950d210f",
"indicator--56e9b36b-aa08-41eb-ad42-5ef7950d210f",
"indicator--56e9b36c-5d88-47c6-be01-5ef7950d210f",
"indicator--56e9b36c-195c-4267-8a9d-5ef7950d210f",
"indicator--56e9b392-dda8-45c5-962f-4d6c950d210f",
"indicator--56e9b392-3c78-47aa-8a65-4cfd950d210f",
"indicator--56e9b393-81f8-41c0-8810-4c11950d210f",
"indicator--56e9b3e1-0134-47b2-9d20-539002de0b81",
"indicator--56e9b3e2-ce6c-43d0-902a-539002de0b81",
"observed-data--56e9b3e2-3be0-4939-86f9-539002de0b81",
"url--56e9b3e2-3be0-4939-86f9-539002de0b81",
"indicator--56e9b3e2-9b9c-44a2-abdf-539002de0b81",
"indicator--56e9b3e3-7ba0-4ecd-9ff2-539002de0b81",
"observed-data--56e9b3e3-67f0-47a5-9734-539002de0b81",
"url--56e9b3e3-67f0-47a5-9734-539002de0b81",
"indicator--56e9b3e3-7db8-417f-a573-539002de0b81",
"indicator--56e9b3e3-1dd4-4993-af5c-539002de0b81",
"observed-data--56e9b3e4-13bc-47cf-8be4-539002de0b81",
"url--56e9b3e4-13bc-47cf-8be4-539002de0b81",
"indicator--56e9b3e4-eedc-4dac-8ddb-539002de0b81",
"indicator--56e9b3e4-8904-4bb6-bb24-539002de0b81",
"observed-data--56e9b3e5-bed0-4c2b-9ac2-539002de0b81",
"url--56e9b3e5-bed0-4c2b-9ac2-539002de0b81",
"indicator--56e9b3e5-1f30-4e40-b43a-539002de0b81",
"indicator--56e9b3e5-8f30-4bbe-845b-539002de0b81",
"observed-data--56e9b3e6-27b8-4ddc-a0e2-539002de0b81",
"url--56e9b3e6-27b8-4ddc-a0e2-539002de0b81",
"indicator--56e9b3e6-7228-4456-9bfc-539002de0b81",
"indicator--56e9b3e6-c170-4338-8e5b-539002de0b81",
"observed-data--56e9b3e6-7c80-4d07-b399-539002de0b81",
"url--56e9b3e6-7c80-4d07-b399-539002de0b81",
"indicator--56e9b3e7-c034-436b-8f5d-539002de0b81",
"indicator--56e9b3e7-0b9c-4e9e-bed4-539002de0b81",
"observed-data--56e9b3e7-970c-43e0-a3a7-539002de0b81",
"url--56e9b3e7-970c-43e0-a3a7-539002de0b81",
"indicator--56e9b3e7-4974-4ada-aa27-539002de0b81",
"indicator--56e9b3e8-f0f4-4174-af9d-539002de0b81",
"observed-data--56e9b3e8-75ec-4a33-8129-539002de0b81",
"url--56e9b3e8-75ec-4a33-8129-539002de0b81",
"indicator--56e9b3e8-27f0-4156-94ff-539002de0b81",
"indicator--56e9b3e9-c564-4c77-b1f9-539002de0b81",
"observed-data--56e9b3e9-f938-480c-821e-539002de0b81",
"url--56e9b3e9-f938-480c-821e-539002de0b81",
"indicator--56e9b3e9-a930-436c-baa8-539002de0b81",
"indicator--56e9b3e9-5648-442a-98fc-539002de0b81",
"observed-data--56e9b3ea-3c44-4c6d-9b5d-539002de0b81",
"url--56e9b3ea-3c44-4c6d-9b5d-539002de0b81",
"indicator--56e9b3ea-a06c-4039-b71e-539002de0b81",
"indicator--56e9b3ea-39bc-4d31-a57e-539002de0b81",
"observed-data--56e9b3eb-e118-470e-839d-539002de0b81",
"url--56e9b3eb-e118-470e-839d-539002de0b81",
"indicator--56e9b3eb-e7ec-4948-aeae-539002de0b81",
"indicator--56e9b3eb-93a4-484b-b932-539002de0b81",
"observed-data--56e9b3eb-2ca8-4f08-91af-539002de0b81",
"url--56e9b3eb-2ca8-4f08-91af-539002de0b81",
"indicator--56e9b3ec-f208-4010-a835-539002de0b81",
"indicator--56e9b3ec-6ce4-4e54-9f0d-539002de0b81",
"observed-data--56e9b3ec-390c-423c-aba8-539002de0b81",
"url--56e9b3ec-390c-423c-aba8-539002de0b81",
"indicator--56e9b3ed-f774-41a9-a3fe-539002de0b81",
"indicator--56e9b3ed-bb24-451f-9f8e-539002de0b81",
"observed-data--56e9b3ed-cabc-417f-be44-539002de0b81",
"url--56e9b3ed-cabc-417f-be44-539002de0b81",
"indicator--56e9b3ed-7924-4041-b2ca-539002de0b81",
"indicator--56e9b3ee-f938-4289-b4d2-539002de0b81",
"observed-data--56e9b3ee-69dc-46a7-9742-539002de0b81",
"url--56e9b3ee-69dc-46a7-9742-539002de0b81",
"indicator--56e9b3ee-5440-4e68-b64d-539002de0b81",
"indicator--56e9b3ef-f41c-468b-a86e-539002de0b81",
"observed-data--56e9b3ef-8398-4967-a74a-539002de0b81",
"url--56e9b3ef-8398-4967-a74a-539002de0b81",
"indicator--56e9b3ef-e360-4ef3-ba4d-539002de0b81",
"indicator--56e9b3ef-da7c-4896-9ec2-539002de0b81",
"observed-data--56e9b3f0-4efc-41e2-b727-539002de0b81",
"url--56e9b3f0-4efc-41e2-b727-539002de0b81",
"indicator--56e9b3f0-ce04-4ef3-b3b6-539002de0b81",
"indicator--56e9b3f0-7e84-4d3d-9acf-539002de0b81",
"observed-data--56e9b3f0-6120-4139-9553-539002de0b81",
"url--56e9b3f0-6120-4139-9553-539002de0b81",
"indicator--56e9b3f1-ec94-4b84-af15-539002de0b81",
"indicator--56e9b3f1-e0f4-4400-8f2a-539002de0b81",
"observed-data--56e9b3f1-8568-4416-8869-539002de0b81",
"url--56e9b3f1-8568-4416-8869-539002de0b81",
"indicator--56e9b3f2-c6c8-4f37-b17b-539002de0b81",
"indicator--56e9b3f2-1954-474d-9234-539002de0b81",
"observed-data--56e9b3f2-dfd8-44ff-a678-539002de0b81",
"url--56e9b3f2-dfd8-44ff-a678-539002de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b248-c8b4-40ab-977f-5ef7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:21:44.000Z",
"modified": "2016-03-16T19:21:44.000Z",
"first_observed": "2016-03-16T19:21:44Z",
"last_observed": "2016-03-16T19:21:44Z",
"number_observed": 1,
"object_refs": [
"url--56e9b248-c8b4-40ab-977f-5ef7950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b248-c8b4-40ab-977f-5ef7950d210f",
"value": "http://researchcenter.paloaltonetworks.com/2016/03/acedeceiver-first-ios-trojan-exploiting-apple-drm-design-flaws-to-infect-any-ios-device/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56e9b25b-880c-46b8-8e3e-4757950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:22:03.000Z",
"modified": "2016-03-16T19:22:03.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "We\u00e2\u20ac\u2122ve discovered a new family of iOS malware that successfully infected non-jailbroken devices we\u00e2\u20ac\u2122ve named \u00e2\u20ac\u0153AceDeceiver\u00e2\u20ac\u009d.\r\n\r\nWhat makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all. It does so by exploiting design flaws in Apple\u00e2\u20ac\u2122s DRM mechanism, and even as Apple has removed AceDeceiver from App Store, it may still spread thanks to a novel attack vector.\r\n\r\nAceDeceiver is the first iOS malware we\u00e2\u20ac\u2122ve seen that abuses certain design flaws in Apple\u00e2\u20ac\u2122s DRM protection mechanism \u00e2\u20ac\u201d namely FairPlay \u00e2\u20ac\u201d to install malicious apps on iOS devices regardless of whether they are jailbroken. This technique is called \u00e2\u20ac\u0153FairPlay Man-In-The-Middle (MITM)\u00e2\u20ac\u009d and has been used since 2013 to spread pirated iOS apps, but this is the first time we\u00e2\u20ac\u2122ve seen it used to spread malware. (The FairPlay MITM attack technique was also presented at the USENIX Security Symposium in 2014; however, attacks using this technique are still occurring successfully.)"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b29f-c87c-4af3-a97f-4d47950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:23:11.000Z",
"modified": "2016-03-16T19:23:11.000Z",
"description": "C2 Domains",
"pattern": "[domain-name:value = 'tool.verify.i4.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:23:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b29f-363c-4673-8be4-4006950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:23:11.000Z",
"modified": "2016-03-16T19:23:11.000Z",
"description": "C2 Domains",
"pattern": "[domain-name:value = 'auth3.i4.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:23:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b29f-1674-48f9-8f1e-45e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:23:11.000Z",
"modified": "2016-03-16T19:23:11.000Z",
"description": "C2 Domains",
"pattern": "[domain-name:value = 'buy.app.i4.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:23:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b30d-5d94-46b3-a850-4d2a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:01.000Z",
"modified": "2016-03-16T19:25:01.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = '0a8e29bd8fe0f5d4d6a8677454b1d01e97478dc4bc3666eaab6bbbf2f2e759bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b30e-0360-4c96-bd7a-4b71950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:02.000Z",
"modified": "2016-03-16T19:25:02.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = '1b6cf5abe2bd3d5bb84da8debd5ec563393d30995ce4afc6142dc3381ac69902']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b30e-7498-4799-99e2-4a41950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:02.000Z",
"modified": "2016-03-16T19:25:02.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = '352d1af3a5cef417dda688be2dd35c3f59841ea56c393a07f95a0bc5ab576448']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b30e-63f4-4e36-aa21-4ca2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:02.000Z",
"modified": "2016-03-16T19:25:02.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = '5bc7ceb48ca4951997d50425d5b34484505e4444a3e172ab846b2595104b7138']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b30f-9c50-44c7-ae2b-4f19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:03.000Z",
"modified": "2016-03-16T19:25:03.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = '5bebcacfb5c541bd6ba7530aeb2971c20adb1beddb244e4367d40cd87bfc826d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b30f-e5f0-4e6d-955f-45ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:03.000Z",
"modified": "2016-03-16T19:25:03.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = '63e3cc1d00abef8ad6c2029e7f9a4831ec4c48682979a7385a940fb73cfc03a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b30f-ff78-461f-96c2-47fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:03.000Z",
"modified": "2016-03-16T19:25:03.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = '821f93bae8c067af71626ca84cdc20226df61c4c371e5eb6423d9439c8b8c25d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b310-28f8-4a9d-9d54-45bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:04.000Z",
"modified": "2016-03-16T19:25:04.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = '86b8065d40c24e3702ed848ec28650b074a577f677375c094ed61a2efffce11b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b310-0d74-4679-9d06-4682950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:04.000Z",
"modified": "2016-03-16T19:25:04.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = '9a4a40625efcc6f4de419db0bec9fbdfdc379918a95fba572ee56cffc13cd074']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b310-c480-4783-8a3d-4298950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:04.000Z",
"modified": "2016-03-16T19:25:04.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = 'a504d47fdfa630bc1c474cdbdaf0dd82a46a08e5d662ecc1bffc57f3c409690e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b311-39c8-4c61-b645-4801950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:05.000Z",
"modified": "2016-03-16T19:25:05.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = 'baa255dd7a0e52edf6e4f3082a6840800898969a3d17f2bcb6a88d0a94c5b795']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b311-8d54-4c07-af17-47cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:05.000Z",
"modified": "2016-03-16T19:25:05.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = 'bc5e3be07e65f25479cee7de8615b386c489c1253659ed7ca5526f86f5116374']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b311-efb0-4da9-8671-438b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:05.000Z",
"modified": "2016-03-16T19:25:05.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = 'c41e3abd97e16b3d9514583eef613105006d69dffb2231badfd500d29eb113bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b311-c030-4206-8ab4-4d42950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:05.000Z",
"modified": "2016-03-16T19:25:05.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = 'd879c6d96463b81e4f2085a565418c99b559a8803ca449442464a2b6cd728d97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b312-5cdc-41cf-bffc-4450950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:06.000Z",
"modified": "2016-03-16T19:25:06.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"pattern": "[file:hashes.SHA256 = 'f6cabdc408e12912c07097c9956ceda2f7033e88c2ca59d7618b9256d3724f5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b33e-182c-4cd2-9bb0-5ef5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:50.000Z",
"modified": "2016-03-16T19:25:50.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM stripped)",
"pattern": "[file:name = 'com.i4.picture.ipa' AND file:hashes.SHA256 = 'bc82efce99f149441a2fd730a961a0f7da58dd6c9c3b45597f5571f227a52309']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b33f-c1f4-4de4-86ae-5ef5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:25:51.000Z",
"modified": "2016-03-16T19:25:51.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM stripped)",
"pattern": "[file:name = 'aisiweb' AND file:hashes.SHA256 = 'ad7cfc29b0a9b6ade878d01084c68d0bbcde699e142652b00132317c04bcf730']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:25:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b36a-195c-434c-ab05-5ef7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:26:34.000Z",
"modified": "2016-03-16T19:26:34.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"pattern": "[file:hashes.SHA256 = '5894742146c02ba8af5390c91e4f0d2e5ad6cfaa2b916945ebb4fad633b054e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b36b-9118-420c-97a9-5ef7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:26:35.000Z",
"modified": "2016-03-16T19:26:35.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"pattern": "[file:hashes.SHA256 = 'ba07f252801120b081c45a173fb1a205fea763ed827f05fb9beb5150ae297ccb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b36b-a204-43cb-afe8-5ef7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:26:35.000Z",
"modified": "2016-03-16T19:26:35.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"pattern": "[file:hashes.SHA256 = 'f7e50fdc4f20f0d25771a694eb3f3643c1842e3b14f06aaa5e8d9dab1c1851e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b36b-2e90-4b0f-8fcf-5ef7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:26:35.000Z",
"modified": "2016-03-16T19:26:35.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"pattern": "[file:hashes.SHA256 = 'ca115f8a3751e4c0fc36b001e3c74d3ac167360a4a44fd1b373b25487de05820']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b36b-aa08-41eb-ad42-5ef7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:26:35.000Z",
"modified": "2016-03-16T19:26:35.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"pattern": "[file:hashes.SHA256 = '3e02b30a6a920a5bdc139270b1e731a4a8d7ab313e9c8d9af9fec611710b4d09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b36c-5d88-47c6-be01-5ef7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:26:36.000Z",
"modified": "2016-03-16T19:26:36.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"pattern": "[file:hashes.SHA256 = '006c539fa6251e1d2142631c52d7c112bf5027335696eacd64794b8cf357d6d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b36c-195c-4267-8a9d-5ef7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:26:36.000Z",
"modified": "2016-03-16T19:26:36.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"pattern": "[file:hashes.SHA256 = 'fbc26c14a3ff609332644f5d9702f07ace024961b7aa2c531df2715911b1c57d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b392-dda8-45c5-962f-4d6c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:27:14.000Z",
"modified": "2016-03-16T19:27:14.000Z",
"description": "Trojan.Win32.AceDeceiver",
"pattern": "[file:hashes.SHA256 = 'ad313d8e65e72a790332280701bc2c2d68a12efbeba1b97ce3dde62abbb81c97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b392-3c78-47aa-8a65-4cfd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:27:14.000Z",
"modified": "2016-03-16T19:27:14.000Z",
"description": "Trojan.Win32.AceDeceiver",
"pattern": "[file:hashes.SHA256 = '9231166a2114f6b1c2d6cd6a57b5836e919ee5739d8868f07425d3c22697894e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b393-81f8-41c0-8810-4c11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:27:15.000Z",
"modified": "2016-03-16T19:27:15.000Z",
"description": "Trojan.Win32.AceDeceiver",
"pattern": "[file:hashes.SHA256 = '78a2cdade1b0715e4f3f372e86724ee10e241ad8821c6b8caa3e84fd7e78ba7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e1-0134-47b2-9d20-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:33.000Z",
"modified": "2016-03-16T19:28:33.000Z",
"description": "Trojan.Win32.AceDeceiver - Xchecked via VT: 78a2cdade1b0715e4f3f372e86724ee10e241ad8821c6b8caa3e84fd7e78ba7e",
"pattern": "[file:hashes.SHA1 = '4e176ae83e49bf9f3b5040063fec290d676af144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e2-ce6c-43d0-902a-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:34.000Z",
"modified": "2016-03-16T19:28:34.000Z",
"description": "Trojan.Win32.AceDeceiver - Xchecked via VT: 78a2cdade1b0715e4f3f372e86724ee10e241ad8821c6b8caa3e84fd7e78ba7e",
"pattern": "[file:hashes.MD5 = '3c1406453dbec9284caa1a10b4a83fd7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3e2-3be0-4939-86f9-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:34.000Z",
"modified": "2016-03-16T19:28:34.000Z",
"first_observed": "2016-03-16T19:28:34Z",
"last_observed": "2016-03-16T19:28:34Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3e2-3be0-4939-86f9-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3e2-3be0-4939-86f9-539002de0b81",
"value": "https://www.virustotal.com/file/78a2cdade1b0715e4f3f372e86724ee10e241ad8821c6b8caa3e84fd7e78ba7e/analysis/1457925852/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e2-9b9c-44a2-abdf-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:34.000Z",
"modified": "2016-03-16T19:28:34.000Z",
"description": "Trojan.Win32.AceDeceiver - Xchecked via VT: 9231166a2114f6b1c2d6cd6a57b5836e919ee5739d8868f07425d3c22697894e",
"pattern": "[file:hashes.SHA1 = '3496e1ad3f3e37b55a6db62a37ab8873067ac13d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e3-7ba0-4ecd-9ff2-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:35.000Z",
"modified": "2016-03-16T19:28:35.000Z",
"description": "Trojan.Win32.AceDeceiver - Xchecked via VT: 9231166a2114f6b1c2d6cd6a57b5836e919ee5739d8868f07425d3c22697894e",
"pattern": "[file:hashes.MD5 = 'c1c335b98209ffa9336db47bfc0eea36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3e3-67f0-47a5-9734-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:35.000Z",
"modified": "2016-03-16T19:28:35.000Z",
"first_observed": "2016-03-16T19:28:35Z",
"last_observed": "2016-03-16T19:28:35Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3e3-67f0-47a5-9734-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3e3-67f0-47a5-9734-539002de0b81",
"value": "https://www.virustotal.com/file/9231166a2114f6b1c2d6cd6a57b5836e919ee5739d8868f07425d3c22697894e/analysis/1458119899/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e3-7db8-417f-a573-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:35.000Z",
"modified": "2016-03-16T19:28:35.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: fbc26c14a3ff609332644f5d9702f07ace024961b7aa2c531df2715911b1c57d",
"pattern": "[file:hashes.SHA1 = '1aef2326a58d0977fc304ace15d89df291644315']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e3-1dd4-4993-af5c-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:35.000Z",
"modified": "2016-03-16T19:28:35.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: fbc26c14a3ff609332644f5d9702f07ace024961b7aa2c531df2715911b1c57d",
"pattern": "[file:hashes.MD5 = 'c79492a303547697453438d321af4c50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3e4-13bc-47cf-8be4-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:36.000Z",
"modified": "2016-03-16T19:28:36.000Z",
"first_observed": "2016-03-16T19:28:36Z",
"last_observed": "2016-03-16T19:28:36Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3e4-13bc-47cf-8be4-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3e4-13bc-47cf-8be4-539002de0b81",
"value": "https://www.virustotal.com/file/fbc26c14a3ff609332644f5d9702f07ace024961b7aa2c531df2715911b1c57d/analysis/1458143418/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e4-eedc-4dac-8ddb-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:36.000Z",
"modified": "2016-03-16T19:28:36.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: 006c539fa6251e1d2142631c52d7c112bf5027335696eacd64794b8cf357d6d5",
"pattern": "[file:hashes.SHA1 = '93da7b5307964190095ec16f8389246a58503530']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e4-8904-4bb6-bb24-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:36.000Z",
"modified": "2016-03-16T19:28:36.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: 006c539fa6251e1d2142631c52d7c112bf5027335696eacd64794b8cf357d6d5",
"pattern": "[file:hashes.MD5 = 'e777707b967cd2c4a312064397a5ef5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3e5-bed0-4c2b-9ac2-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:37.000Z",
"modified": "2016-03-16T19:28:37.000Z",
"first_observed": "2016-03-16T19:28:37Z",
"last_observed": "2016-03-16T19:28:37Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3e5-bed0-4c2b-9ac2-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3e5-bed0-4c2b-9ac2-539002de0b81",
"value": "https://www.virustotal.com/file/006c539fa6251e1d2142631c52d7c112bf5027335696eacd64794b8cf357d6d5/analysis/1458153149/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e5-1f30-4e40-b43a-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:37.000Z",
"modified": "2016-03-16T19:28:37.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: 3e02b30a6a920a5bdc139270b1e731a4a8d7ab313e9c8d9af9fec611710b4d09",
"pattern": "[file:hashes.SHA1 = '5e076abc86444d931d58b5d2f6ebfa04ec31a06e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e5-8f30-4bbe-845b-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:37.000Z",
"modified": "2016-03-16T19:28:37.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: 3e02b30a6a920a5bdc139270b1e731a4a8d7ab313e9c8d9af9fec611710b4d09",
"pattern": "[file:hashes.MD5 = 'ebfcecf97992fe3e707786462abb4fce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3e6-27b8-4ddc-a0e2-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:38.000Z",
"modified": "2016-03-16T19:28:38.000Z",
"first_observed": "2016-03-16T19:28:38Z",
"last_observed": "2016-03-16T19:28:38Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3e6-27b8-4ddc-a0e2-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3e6-27b8-4ddc-a0e2-539002de0b81",
"value": "https://www.virustotal.com/file/3e02b30a6a920a5bdc139270b1e731a4a8d7ab313e9c8d9af9fec611710b4d09/analysis/1456021437/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e6-7228-4456-9bfc-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:38.000Z",
"modified": "2016-03-16T19:28:38.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: ca115f8a3751e4c0fc36b001e3c74d3ac167360a4a44fd1b373b25487de05820",
"pattern": "[file:hashes.SHA1 = 'aba46ac2c816530e96cf9bddeade627b8b17dcb2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e6-c170-4338-8e5b-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:38.000Z",
"modified": "2016-03-16T19:28:38.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: ca115f8a3751e4c0fc36b001e3c74d3ac167360a4a44fd1b373b25487de05820",
"pattern": "[file:hashes.MD5 = 'a3b156f679a915c0c7a255151d73965b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3e6-7c80-4d07-b399-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:38.000Z",
"modified": "2016-03-16T19:28:38.000Z",
"first_observed": "2016-03-16T19:28:38Z",
"last_observed": "2016-03-16T19:28:38Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3e6-7c80-4d07-b399-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3e6-7c80-4d07-b399-539002de0b81",
"value": "https://www.virustotal.com/file/ca115f8a3751e4c0fc36b001e3c74d3ac167360a4a44fd1b373b25487de05820/analysis/1458143429/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e7-c034-436b-8f5d-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:39.000Z",
"modified": "2016-03-16T19:28:39.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: f7e50fdc4f20f0d25771a694eb3f3643c1842e3b14f06aaa5e8d9dab1c1851e9",
"pattern": "[file:hashes.SHA1 = 'b1b5d7e235d039457365f3e988b212838b84536d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e7-0b9c-4e9e-bed4-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:39.000Z",
"modified": "2016-03-16T19:28:39.000Z",
"description": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: f7e50fdc4f20f0d25771a694eb3f3643c1842e3b14f06aaa5e8d9dab1c1851e9",
"pattern": "[file:hashes.MD5 = 'd2aff7f47c586aecb23b3d53b091c54c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3e7-970c-43e0-a3a7-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:39.000Z",
"modified": "2016-03-16T19:28:39.000Z",
"first_observed": "2016-03-16T19:28:39Z",
"last_observed": "2016-03-16T19:28:39Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3e7-970c-43e0-a3a7-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3e7-970c-43e0-a3a7-539002de0b81",
"value": "https://www.virustotal.com/file/f7e50fdc4f20f0d25771a694eb3f3643c1842e3b14f06aaa5e8d9dab1c1851e9/analysis/1455284003/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e7-4974-4ada-aa27-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:39.000Z",
"modified": "2016-03-16T19:28:39.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: f6cabdc408e12912c07097c9956ceda2f7033e88c2ca59d7618b9256d3724f5c",
"pattern": "[file:hashes.SHA1 = '44247c68ed8faf16a758f330ccdde0e66f4a9f75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e8-f0f4-4174-af9d-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:40.000Z",
"modified": "2016-03-16T19:28:40.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: f6cabdc408e12912c07097c9956ceda2f7033e88c2ca59d7618b9256d3724f5c",
"pattern": "[file:hashes.MD5 = '5d9b59db4b8cc84bd2e14f9e1768fb87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3e8-75ec-4a33-8129-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:40.000Z",
"modified": "2016-03-16T19:28:40.000Z",
"first_observed": "2016-03-16T19:28:40Z",
"last_observed": "2016-03-16T19:28:40Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3e8-75ec-4a33-8129-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3e8-75ec-4a33-8129-539002de0b81",
"value": "https://www.virustotal.com/file/f6cabdc408e12912c07097c9956ceda2f7033e88c2ca59d7618b9256d3724f5c/analysis/1455283844/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e8-27f0-4156-94ff-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:40.000Z",
"modified": "2016-03-16T19:28:40.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: d879c6d96463b81e4f2085a565418c99b559a8803ca449442464a2b6cd728d97",
"pattern": "[file:hashes.SHA1 = '98d6d7caa432ecea278fa33845eedad67189e042']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e9-c564-4c77-b1f9-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:41.000Z",
"modified": "2016-03-16T19:28:41.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: d879c6d96463b81e4f2085a565418c99b559a8803ca449442464a2b6cd728d97",
"pattern": "[file:hashes.MD5 = 'e2f05253fd536c7e01f6e0a4ce2b2b34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3e9-f938-480c-821e-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:41.000Z",
"modified": "2016-03-16T19:28:41.000Z",
"first_observed": "2016-03-16T19:28:41Z",
"last_observed": "2016-03-16T19:28:41Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3e9-f938-480c-821e-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3e9-f938-480c-821e-539002de0b81",
"value": "https://www.virustotal.com/file/d879c6d96463b81e4f2085a565418c99b559a8803ca449442464a2b6cd728d97/analysis/1455283793/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e9-a930-436c-baa8-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:41.000Z",
"modified": "2016-03-16T19:28:41.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: bc5e3be07e65f25479cee7de8615b386c489c1253659ed7ca5526f86f5116374",
"pattern": "[file:hashes.SHA1 = '66a3758be788353d97ff04711fa2f4d8cb25c6b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3e9-5648-442a-98fc-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:41.000Z",
"modified": "2016-03-16T19:28:41.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: bc5e3be07e65f25479cee7de8615b386c489c1253659ed7ca5526f86f5116374",
"pattern": "[file:hashes.MD5 = '3652db89ace912e15628b45b80cf389a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3ea-3c44-4c6d-9b5d-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:42.000Z",
"modified": "2016-03-16T19:28:42.000Z",
"first_observed": "2016-03-16T19:28:42Z",
"last_observed": "2016-03-16T19:28:42Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3ea-3c44-4c6d-9b5d-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3ea-3c44-4c6d-9b5d-539002de0b81",
"value": "https://www.virustotal.com/file/bc5e3be07e65f25479cee7de8615b386c489c1253659ed7ca5526f86f5116374/analysis/1455283796/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3ea-a06c-4039-b71e-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:42.000Z",
"modified": "2016-03-16T19:28:42.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: baa255dd7a0e52edf6e4f3082a6840800898969a3d17f2bcb6a88d0a94c5b795",
"pattern": "[file:hashes.SHA1 = 'e07702303f91cbf35e4deac600974cf94d5d27ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3ea-39bc-4d31-a57e-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:42.000Z",
"modified": "2016-03-16T19:28:42.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: baa255dd7a0e52edf6e4f3082a6840800898969a3d17f2bcb6a88d0a94c5b795",
"pattern": "[file:hashes.MD5 = '1dc2584cd2c167907ae547bd4b040710']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3eb-e118-470e-839d-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:43.000Z",
"modified": "2016-03-16T19:28:43.000Z",
"first_observed": "2016-03-16T19:28:43Z",
"last_observed": "2016-03-16T19:28:43Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3eb-e118-470e-839d-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3eb-e118-470e-839d-539002de0b81",
"value": "https://www.virustotal.com/file/baa255dd7a0e52edf6e4f3082a6840800898969a3d17f2bcb6a88d0a94c5b795/analysis/1455283796/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3eb-e7ec-4948-aeae-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:43.000Z",
"modified": "2016-03-16T19:28:43.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: a504d47fdfa630bc1c474cdbdaf0dd82a46a08e5d662ecc1bffc57f3c409690e",
"pattern": "[file:hashes.SHA1 = '620d3adc7717ded26643a63b86044151fdbb6f92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3eb-93a4-484b-b932-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:43.000Z",
"modified": "2016-03-16T19:28:43.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: a504d47fdfa630bc1c474cdbdaf0dd82a46a08e5d662ecc1bffc57f3c409690e",
"pattern": "[file:hashes.MD5 = '5e74324567ab4ebe47044337beec6f99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3eb-2ca8-4f08-91af-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:43.000Z",
"modified": "2016-03-16T19:28:43.000Z",
"first_observed": "2016-03-16T19:28:43Z",
"last_observed": "2016-03-16T19:28:43Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3eb-2ca8-4f08-91af-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3eb-2ca8-4f08-91af-539002de0b81",
"value": "https://www.virustotal.com/file/a504d47fdfa630bc1c474cdbdaf0dd82a46a08e5d662ecc1bffc57f3c409690e/analysis/1455283794/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3ec-f208-4010-a835-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:44.000Z",
"modified": "2016-03-16T19:28:44.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 9a4a40625efcc6f4de419db0bec9fbdfdc379918a95fba572ee56cffc13cd074",
"pattern": "[file:hashes.SHA1 = 'e807e8a8a8ba51b8b347f004ba6e549797bd21f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3ec-6ce4-4e54-9f0d-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:44.000Z",
"modified": "2016-03-16T19:28:44.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 9a4a40625efcc6f4de419db0bec9fbdfdc379918a95fba572ee56cffc13cd074",
"pattern": "[file:hashes.MD5 = '6a6d7ee4d87d824340e8e08c34ed7891']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3ec-390c-423c-aba8-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:44.000Z",
"modified": "2016-03-16T19:28:44.000Z",
"first_observed": "2016-03-16T19:28:44Z",
"last_observed": "2016-03-16T19:28:44Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3ec-390c-423c-aba8-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3ec-390c-423c-aba8-539002de0b81",
"value": "https://www.virustotal.com/file/9a4a40625efcc6f4de419db0bec9fbdfdc379918a95fba572ee56cffc13cd074/analysis/1455283799/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3ed-f774-41a9-a3fe-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:45.000Z",
"modified": "2016-03-16T19:28:45.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 86b8065d40c24e3702ed848ec28650b074a577f677375c094ed61a2efffce11b",
"pattern": "[file:hashes.SHA1 = 'e57b6ba70f03241330b11135db6fafc82c1ad436']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3ed-bb24-451f-9f8e-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:45.000Z",
"modified": "2016-03-16T19:28:45.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 86b8065d40c24e3702ed848ec28650b074a577f677375c094ed61a2efffce11b",
"pattern": "[file:hashes.MD5 = '41e820885d1cc951a848fd586be3e894']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3ed-cabc-417f-be44-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:45.000Z",
"modified": "2016-03-16T19:28:45.000Z",
"first_observed": "2016-03-16T19:28:45Z",
"last_observed": "2016-03-16T19:28:45Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3ed-cabc-417f-be44-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3ed-cabc-417f-be44-539002de0b81",
"value": "https://www.virustotal.com/file/86b8065d40c24e3702ed848ec28650b074a577f677375c094ed61a2efffce11b/analysis/1455283831/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3ed-7924-4041-b2ca-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:45.000Z",
"modified": "2016-03-16T19:28:45.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 821f93bae8c067af71626ca84cdc20226df61c4c371e5eb6423d9439c8b8c25d",
"pattern": "[file:hashes.SHA1 = '3d09e43f6a089d93037f198b6344cdc5e9683285']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3ee-f938-4289-b4d2-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:46.000Z",
"modified": "2016-03-16T19:28:46.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 821f93bae8c067af71626ca84cdc20226df61c4c371e5eb6423d9439c8b8c25d",
"pattern": "[file:hashes.MD5 = 'd6f664197eadfd8e080ccc0bbeee6e1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3ee-69dc-46a7-9742-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:46.000Z",
"modified": "2016-03-16T19:28:46.000Z",
"first_observed": "2016-03-16T19:28:46Z",
"last_observed": "2016-03-16T19:28:46Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3ee-69dc-46a7-9742-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3ee-69dc-46a7-9742-539002de0b81",
"value": "https://www.virustotal.com/file/821f93bae8c067af71626ca84cdc20226df61c4c371e5eb6423d9439c8b8c25d/analysis/1455283780/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3ee-5440-4e68-b64d-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:46.000Z",
"modified": "2016-03-16T19:28:46.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 5bebcacfb5c541bd6ba7530aeb2971c20adb1beddb244e4367d40cd87bfc826d",
"pattern": "[file:hashes.SHA1 = '28a618de925cd017f2fd9a94f3de41b2d04fdccf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3ef-f41c-468b-a86e-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:47.000Z",
"modified": "2016-03-16T19:28:47.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 5bebcacfb5c541bd6ba7530aeb2971c20adb1beddb244e4367d40cd87bfc826d",
"pattern": "[file:hashes.MD5 = '99910c48e7fc3bae3393013c8c797f43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3ef-8398-4967-a74a-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:47.000Z",
"modified": "2016-03-16T19:28:47.000Z",
"first_observed": "2016-03-16T19:28:47Z",
"last_observed": "2016-03-16T19:28:47Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3ef-8398-4967-a74a-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3ef-8398-4967-a74a-539002de0b81",
"value": "https://www.virustotal.com/file/5bebcacfb5c541bd6ba7530aeb2971c20adb1beddb244e4367d40cd87bfc826d/analysis/1455283977/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3ef-e360-4ef3-ba4d-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:47.000Z",
"modified": "2016-03-16T19:28:47.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 5bc7ceb48ca4951997d50425d5b34484505e4444a3e172ab846b2595104b7138",
"pattern": "[file:hashes.SHA1 = 'c8119fbd7b0cbddd0be957a44708b6a9b920f16a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3ef-da7c-4896-9ec2-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:47.000Z",
"modified": "2016-03-16T19:28:47.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 5bc7ceb48ca4951997d50425d5b34484505e4444a3e172ab846b2595104b7138",
"pattern": "[file:hashes.MD5 = '96724f179c3afd44ddcc60bed4a4089d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3f0-4efc-41e2-b727-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:48.000Z",
"modified": "2016-03-16T19:28:48.000Z",
"first_observed": "2016-03-16T19:28:48Z",
"last_observed": "2016-03-16T19:28:48Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3f0-4efc-41e2-b727-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3f0-4efc-41e2-b727-539002de0b81",
"value": "https://www.virustotal.com/file/5bc7ceb48ca4951997d50425d5b34484505e4444a3e172ab846b2595104b7138/analysis/1455283785/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3f0-ce04-4ef3-b3b6-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:48.000Z",
"modified": "2016-03-16T19:28:48.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 352d1af3a5cef417dda688be2dd35c3f59841ea56c393a07f95a0bc5ab576448",
"pattern": "[file:hashes.SHA1 = 'ff33b12b8d51b6b863bc61777eef6c324e2db371']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3f0-7e84-4d3d-9acf-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:48.000Z",
"modified": "2016-03-16T19:28:48.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 352d1af3a5cef417dda688be2dd35c3f59841ea56c393a07f95a0bc5ab576448",
"pattern": "[file:hashes.MD5 = 'c6523b9cbce3dacd966ee7fac64e851a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3f0-6120-4139-9553-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:48.000Z",
"modified": "2016-03-16T19:28:48.000Z",
"first_observed": "2016-03-16T19:28:48Z",
"last_observed": "2016-03-16T19:28:48Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3f0-6120-4139-9553-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3f0-6120-4139-9553-539002de0b81",
"value": "https://www.virustotal.com/file/352d1af3a5cef417dda688be2dd35c3f59841ea56c393a07f95a0bc5ab576448/analysis/1455283777/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3f1-ec94-4b84-af15-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:49.000Z",
"modified": "2016-03-16T19:28:49.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 1b6cf5abe2bd3d5bb84da8debd5ec563393d30995ce4afc6142dc3381ac69902",
"pattern": "[file:hashes.SHA1 = 'be9f56d1b5f20dae5fe354b63cf84a13bf15d1f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3f1-e0f4-4400-8f2a-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:49.000Z",
"modified": "2016-03-16T19:28:49.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 1b6cf5abe2bd3d5bb84da8debd5ec563393d30995ce4afc6142dc3381ac69902",
"pattern": "[file:hashes.MD5 = '6614bd786cd5e7d0c7fd419cf7cd79ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3f1-8568-4416-8869-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:49.000Z",
"modified": "2016-03-16T19:28:49.000Z",
"first_observed": "2016-03-16T19:28:49Z",
"last_observed": "2016-03-16T19:28:49Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3f1-8568-4416-8869-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3f1-8568-4416-8869-539002de0b81",
"value": "https://www.virustotal.com/file/1b6cf5abe2bd3d5bb84da8debd5ec563393d30995ce4afc6142dc3381ac69902/analysis/1455283786/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3f2-c6c8-4f37-b17b-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:50.000Z",
"modified": "2016-03-16T19:28:50.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 0a8e29bd8fe0f5d4d6a8677454b1d01e97478dc4bc3666eaab6bbbf2f2e759bc",
"pattern": "[file:hashes.SHA1 = 'f39d5ef8059196e38f0ef89bbe96f4cb8a58d2a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9b3f2-1954-474d-9234-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:50.000Z",
"modified": "2016-03-16T19:28:50.000Z",
"description": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 0a8e29bd8fe0f5d4d6a8677454b1d01e97478dc4bc3666eaab6bbbf2f2e759bc",
"pattern": "[file:hashes.MD5 = 'a63124c34c6d5b4b33113af4288e248c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T19:28:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9b3f2-dfd8-44ff-a678-539002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T19:28:50.000Z",
"modified": "2016-03-16T19:28:50.000Z",
"first_observed": "2016-03-16T19:28:50Z",
"last_observed": "2016-03-16T19:28:50Z",
"number_observed": 1,
"object_refs": [
"url--56e9b3f2-dfd8-44ff-a678-539002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9b3f2-dfd8-44ff-a678-539002de0b81",
"value": "https://www.virustotal.com/file/0a8e29bd8fe0f5d4d6a8677454b1d01e97478dc4bc3666eaab6bbbf2f2e759bc/analysis/1455283814/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink